Search the Community

Showing results for tags 'password'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Found 24 results

  1. Hello, can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted? I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0? If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily? I know this might be an unusual question, but I would appreciate any feedback. Regards, Andreas
  2. Password Generator Adds a password generator to InputfieldPassword. Usage Install the Password Generator module. Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field. *Settings not supported by the generator: Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur. https://github.com/Toutouwai/PasswordGenerator
  3. Hey guys... Ok so I have a problem with a registration form password inputfield... The problem is that InputfieldPassword.js and InputfieldPassword.css are not loaded/fired. Or I dont even know exactly what is happening... Im pretty new to processwire and the website was not created by me so Im trying to figure out what has been done and how processwire works. Anyway this is how the form looks right now: ...and as you can see the styling is off (password validation check in particular)... this is what I see when page is loaded (without adding any input)... it looks like js and css files from wire/modules/Inputfield/InputfieldPassword are not firing... I dont know how it is supposed to work exactly so I dont even know where to start. Maybe someone has had similar problem and know an easy fix or can navigate me to what could cause this situation in PW. Oh by the way this problem occured when upgrading the PW version (current version 3.0.65)... everything else is ok... this is the only problem that has been found after upgrade... Appreciate all the help! Cheers!
  4. Yesterday we somehow lost access to all current admin, superuser/passwords to processwire. We tried using the reset password form and nothing was sent. We began noticing some of the menu buttons went missing as well as some photos. Any suggestions how to resolve the login issue?
  5. I have a simple front-end password update form like this: In the browser the label of the second field shows up as follows: WTH?! I can't figure out what is changing the label, what is inserting /processwire/ and reformatting the thing. Is this something in PW? A "helpful" thing that browsers do? Edit: The problem disappears if I simply rename the second field to 'Confirm Password'. So my problem is solved, but I'll leave this here in case this is some kind of bug.
  6. How do you get the same 'set password' form/input fields on the front-end as in the admin area? I have a working front-end version, but the admin version has some nifty stuff around it. Should be easy to get the same on the front-end, right?
  7. Hey all. I just came across a potential error in the FieldtypePassword. I have a password field added to some templates to protect the pages. However, whenever I want to save a page, I get the error of "required fiield missing"...that the password field is required and missing. But, the field is not set to required. Can anybody confirm that and/or has a solution? Best, Lukas
  8. Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks
  9. I'm going to build a form for front-end user password changing. There should be three input fields current password new password confirm new password I knew that, password stored in database is hashed. How could I compare the input current password with the password stored in database ?
  10. If anyone can help with this that would be great. The password reset link is localhost? but i'm viewing the site from it's live url. Thanks, Jason
  11. Hello, I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password: Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW What I have protected $templates = ["user", "server"]; public function init() { $this->pages->addHookAfter('saveReady', $this, 'hookSaveReady'); } public function hookSaveReady(HookEvent $event) { $page = $event->arguments[0]; if($page->isNew) return; if(!in_array($page->template, $this->templates)) return; if($page instanceof User) $this->collectUserData($page); } public function collectUserData($page) { foreach ($page->fields as $field) { /*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field); } } I guess I am hooking too late in the process but have no idea where to place the hook instead. EDIT: same with addHookBefore
  12. Hi Forum, I need to secure some downloads with a simple login form. As login tasks are new to me I try to adapt the code from this forum post for my purposes. This is where I am so far: A page with input field type "password" (name "password"). This code: <?php password protected areaif ($page->password) { $pass = $page->password; if ($input->post->pass != $pass) { echo "$page->body" . file_get_contents("./_login-form.inc"); // not logged in? get input form } else { foreach ($page->downloads as $file) { echo "<h2>Sie sind eingeloggt</h2>"; echo "<ul>" . "<li class='plain'><i class='fa fa-download'></i><a href='$file->url';?> $file->description</a></li>" . "</ul>"; } // foreach } // $input->post} //$page->password?> And for _login-form.inc <form method="post" action="./" accept-charset="UTF-8"> <input type="password" id="pass" name="pass" placeholder="" /> <button type="submit" name="submit" class="btn btn-success btn-block">Login</button></form> Unfortunately the conditional always returns false even if the correct password has been entered into the form. This is the first time I'm using fieldtype password, thus I don't know how to check for the correct password entered (I understand the value is stored encrypted but that's all I know). Any help is much appreciated. Thanks!
  13. Hi there, I'm developing locally on my laptop and we have a testing server where I deploy via rsynch + running a DB Dump script. (Exported via MySQLWorkbench) I've noticed that the admin password becomes invalid every time a DB Dump script is run on the server. Is this possibly because there's a hash and/or salt stored alongside the password and my local one is not valid on the server? Are there better practices of synching between my local Processwire and the server instance to prevent the admin password being invalidated?
  14. I didn't have time to look into the code, so I have to ask here: is there a limit for the password length? I'm using LastPass and wherever it's possible I use ridiculously long passwords. And so I did in PW for an admin password. After a logout I couldn't log in again. I managed to do that only after setting the pass to something shorter than 50-chars. I see no reason why the passwords could have been limited (as they're hashed anyway), so that totally might be something on my end (or LastPass). But, just in case, I thought it's worth mentioning here as a potential issue.
  15. Hi, On a 2.5 install I try to add a second super user. After adding and saving it with password assigned, It gets displayed with a strike through in the user list. When I then edit and save it again, I get this error: Missing required value Required password was not specified. But the password was entered already when I added the user. This is happening only on a clone of an install on my dev server. When I add the same user on my local environment, everything is working as expected. The install on the dev server is the same where I get the persistent httpHost error described in my other thread. Also the httpHost error message gets displayed twice, above the user list and on the very top: I have other PW installs on that server which are all running smoothly. Any pointers to a solution would be great. Thank you.
  16. Hi everyone, i want to create a user on the fly with sso, i recieve the password already hashed and want to save the user without having the password hashed by processwire afterwards. so far i could leave it rehashed in the database as long as the customer does not want to allow the users to use the direct loginmask. but if that changes, i would be in trouble. so is there a processwire way to do this or do i have to put the user in manually. i know we will have someone intelligent helping me out here
  17. Hello, I'm learning about password management/security in order to synchronize logins between PW users and Foxycart. In Foxycart I need to choose the password hash type I'm using. In my installation of PW wire->config.php shows: $config->userAuthHashType = 'sha1'; But in the post https://processwire.com/talk/topic/2954-password-hashing/ Ryan says: I'm using 2.4.4 version. As the server which PW shows blowfish is available I understand PW is using it. Foxycart doesn´t list this hash algorithm available. So, where should I change the hash method in wire->config? but it is overriden if blowfish is available in the server anyway? I'm a bit lost here , any direction / help would be appreciated.
  18. Is the password field compatible with the "required" option? I only ask because if I make it a required option when editing a page if I haven't changed the password, it throws a required error. Obviously I'd like for the user to be able to leave it blank and leave the password how it is. The problem is if I don't make it required then I may end up without a password at all. Is this something I should look to triggering via a module? Thanks.
  19. I'm having problems with password inputs within module config: First of all, it seems that simply inserting a Password inputfield and storing it's data isn't enough; everything seems to work fine, but password gets stored as plain text, which is obviously not a good idea. I could of course apply some custom logic here, but IMHO that shouldn't really be necessary (and it would most likely just create new security problems in the long run); am I missing something or is this a real problem? Another thing is that within module config password input get saved each time module settings are saved, which doesn't seem like correct behavior; shouldn't these only get saved when value has changed? Current behavior forces user to re-insert her password each time module config is saved (this actually applies to other inputs also, though this is probably the only situation where it causes problems.) I thought this latter problem could be avoided by setting password input value, but that doesn't seem to work either.. value is cleared at some later point, before input is rendered. So, what am I doing wrong here and any ideas how to fix it?
  20. I've been testing out the multisite feature of processwire installing via option 1 in the docs. I managed to get everything working by following the first option which requires installing a new version of PW and copying the files over to a site-mysite directory. I'm now testing out the second option which just needs the site files copies to a site- directory and importing the DB from another installation using PhpMyAdmin. The installation worked fine but when I try to login to the admin the username and password I used from my clone site are not recognised. I thought the password would pull over from the SQL database. I'm sure this is something really simple but I'm scratching my head at the moment. Any ideas?
  21. Hey guys, I'm really new to Processwire, found it like two days ago but already love it I just had a look at the wire folder and came across the userAuthHashType in config.php. This is set to sha1 which is not too secure, it would be good to use a different hashing method. If I'm right version 2.4 (?) will make use of all these nice PHP 5.3+ features, as well as Composer. PHP 5.4 will fight bad password hashing providing a password_hash() function, until then it might be good to use the ircmaxell/password_compat library. What do you think?
  22. Following on from my register template yesterday, I have modified it slightly to act as an "edit profile" template. It mostly works but I'm having problems with when the password gets updated. I originally thought this may be as when I'm giving the user a new pass and saving, they would no longer be logged-in as their password would be incorrect. Is that so? Here is a gist so as to not clutter up the thread! (You see I do listen, Soma ) https://gist.github.com/anonymous/0ecf562bb0f3fe923614
  23. Hey, I've searched for a while but with no results and I am anxious to get this done. I want to create a user password change script that changes the password to do this the user needs to fill in her/his old password. No problem but since PW does hash all passwords i cant just compare a hashed to a plain text password now can I. So I looked throught the wire folder and I couldn't really find something. How can I hash the password so I can compare it? Many thanks!
  24. Hello, I see that the backend of processwire is simple. I like that but... I've forgotton my email for my backend project I'm creating locally with MAMP. Simple but... where is the button such as, "forgot password". I suppose I missing something obviuos but I cannot find it in the display neither in google or in these forums. So, How do you reset/retieve your password from you backend of processwire? Greetings, Dani